Less than two in five SMB IT decision makers surveyed in the United States, United Kingdom and Australia believe their organizations are completely ready to manage IT security and protect against threats.
That’s according to Webroot’s SMB Cybersecurity Survey, conducted by Wakefield Research among 200 SMB IT decision makers in the U.S., 300 in the U.K., and 200 in Australia.
George Anderson, Webroot’s director of product marketing, notes to Channel Partners how many SMBs are outsourcing cybersecurity to MSPs to make up for the lack of time and in-house expertise. According to the survey, 81 percent of respondents agreed such outsourcing would improve the amount of time they have to address other tasks.
“With the majority of SMBs surveyed planning to increase their cybersecurity budget[s] in 2016, VARs across a broad variety of industries are beginning to embrace this service-centric relationship with their clients,” he said. “For customers, choosing to work with an MSP means they avoid installation and maintenance headaches. They also avoid diverting resources towards laborious IT security support tasks or ad hoc break/fix reseller charges.”
At most SMBs, IT teams are expected to handle all cybersecurity management and concerns. According to the survey, IT employees at nearly one in three companies juggle security along with their other responsibilities.
Also, the vast majority of SMBs do not have security budgets remotely comparable to those of large – and previously breached – enterprises such as J.P. Morgan, Target and Anthem. Nearly three in five respondents think their business is more prone to cyberattacks because they have too few resources for maintaining their defenses, according to the survey.
“Although SMBs appear more aware of cybersecurity-related risks to their organizations, many are still unsure or under-informed about their own readiness to handle such risks,” Anderson said. “Overall, 81 percent of respondents plan to increase their annual IT security budget[s] for 2016, by an average of 22 percent.”
Nearly half (48 percent) of IT decision makers think their company is vulnerable to insider threats, such as employees. Also, 45 percent believe they are unprepared for unsecured internal and external networks, such as …
… public Wi-Fi, and 40 percent believe they are unprepared for unsecured endpoints, such as computers and mobile devices.
Survey respondents’ lack of confidence may be due to a reliance on outdated, traditional antivirus tools, according to the survey.
As for regional differences, half (50 percent) of respondents in the U.S. feel they don’t have time to stay abreast of the latest cybersecurity threats, compared to 61 percent in Australia. Also, respondents in the U.S. and U.K. expressed more confidence in their endpoint protection capabilities (63 percent) than their counterparts in Australia (55 percent).
As for money lost due to a potential cyberattack in 2016, respondents in the U.S. estimated their businesses would lose an average of $522,602, compared to about $326,000 in the U.K., and about $341,000 in Australia.
“The survey makes it clear SMB IT decision makers are stretched thin,” Anderson said. “Therefore, we should expect a continued movement towards outsourced IT, particularly on the cybersecurity front.”